REDIRECT vs. DNAT (Was: HELP! Transparent Proxy using bridging...)

REDIRECT vs. DNAT (Was: HELP! Transparent Proxy using bridging...)

[Toby]

Jason Opperisano wrote:
> REDIRECT is a whole different beast from DNAT.

As in?

Doesn't REDIRECT just do a DNAT to the machine's own address?


Toby

-- 
Love(n): The delusion that one woman differs from another.
						H.L. Mencken

Re: REDIRECT vs. DNAT (Was: HELP! Transparent Proxy using bridging...)

[Grant Taylor]

Yes, REDIRECT redirects traffic passing through the system to it's self, but it does not give you an option to send the traffic any where else.  If you want to send the traffic passing through the system to a different one on the LAN or where ever you need something other than redirect.  DNAT will send the packets to the other system but appear as if it is still coming from the original client system, thus SNAT makes the traffic appear to the system that you are sending the traffic to as if it is coming from the system that is doing the redirection.  The reason the traffic has to appear as if it is coming from the system doing the redirection is b/c the traffic must travel the same path (host IPs) in reverse as to not confuse the client system with the response coming from a different IP than the request was sent too.



Grant. . . .

Toby wrote:

> Jason Opperisano wrote:
> 
>>REDIRECT is a whole different beast from DNAT.
> 
> 
> As in?
> 
> Doesn't REDIRECT just do a DNAT to the machine's own address?
> 
> 
> Toby
>